Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-18 CVE-2024-38507 Cross-site Scripting vulnerability in Jetbrains HUB
In JetBrains Hub before 2024.2.34646, stored XSS via project description was possible.
network
low complexity
jetbrains CWE-79
5.4
2024-06-18 CVE-2024-5533 Cross-site Scripting vulnerability in Elegantthemes Divi 4.23.2
The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.25.1 due to insufficient input sanitization and output escaping.
network
low complexity
elegantthemes CWE-79
5.4
2024-06-18 CVE-2024-3276 Cross-site Scripting vulnerability in Fooplugins Foobox
The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
fooplugins CWE-79
4.8
2024-06-18 CVE-2024-4094 Cross-site Scripting vulnerability in Sharethis Simple Share Buttons Adder
The Simple Share Buttons Adder WordPress plugin before 8.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
network
low complexity
sharethis CWE-79
5.4
2024-06-18 CVE-2024-5172 Cross-site Scripting vulnerability in Expert Invoice Project Expert Invoice
The Expert Invoice WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
expert-invoice-project CWE-79
4.8
2024-06-18 CVE-2024-5860 Incorrect Authorization vulnerability in Tickera
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8.
network
low complexity
tickera CWE-863
4.3
2024-06-18 CVE-2024-0845 Cross-site Scripting vulnerability in Redlettuce PDF Viewer for Elementor
The PDF Viewer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the render function in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping.
network
low complexity
redlettuce CWE-79
5.4
2024-06-18 CVE-2024-1634 Missing Authorization vulnerability in Startbooking Scheduling Plugin - Online Booking
The Scheduling Plugin – Online Booking for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'cbsb_disconnect_settings' function in all versions up to, and including, 3.5.10.
network
low complexity
startbooking CWE-862
6.5
2024-06-18 CVE-2024-4375 Cross-site Scripting vulnerability in Averta Master Slider 3.2.7/3.5.1
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_layer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'css_id' user supplied attribute.
network
low complexity
averta CWE-79
5.4
2024-06-18 CVE-2024-5541 Unspecified vulnerability in Vowelweb Ibtana
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ibtana_visual_editor_register_ajax_json_endpont' function in all versions up to, and including, 1.2.3.3.
network
low complexity
vowelweb
5.3